Writer and cybersecurity researcher Kim Crawley on the benefits of being a ‘jack-of-all-trades’ when it comes to cybersecurity, and what companies should do to tackle the skills gap.
Kim Crawley describes herself as “a cybersecurity generalist who writes”.
“I think my love of computers started around 1988 when I saw my half-brother’s Commodore 64 for the first time. It was the very first PC I had ever laid eyes on. I was four years old at the time. I begged my brother and my mother to let me play with it but my brother refused.”
Her love for hacking began when she was a slightly older child; in the 90s she began using her family’s Windows 3.1 OEM PC that her novelist father purchased “brand new” for his writing career. Little did the family know they had an aspiring young hacker on their hands – and she was experimenting on her dad’s precious files.
“I remember finding the Autoexec.bat file and opening it in Notepad and seeing what would happen if I removed a few lines from it. I think that was my first hack,” Crawley says.
From aspiring hacker to author
These days, Crawley is an author herself. She has written numerous books about cybersecurity, and she freelances for tech and cyber publications. She has written for tech companies such as AT&T, BlackBerry, NGINX, Synack and Hack The Box.
Crawley reckons the key to her success is that she doesn’t say she can’t or won’t do something. She writes about “absolutely everything”.
“Cyber threats to everything from consumer devices to ICS and SCADA. Cybersecurity policy from a CISO perspective. Social engineering. Penetration testing. Cyberwarfare. Cybercrime.
“I’ve had to become a jack-of-all-trades when it comes to cybersecurity knowledge because broadening my scope has been key to keeping the paid writing gigs going,” she says.
“A company would ask me to write about SIEM correlation rules. And instead of saying, ‘I don’t know’, I would research it so I could write about it. I needed that paycheck.”
Her latest book, Hacker Culture: A to Z, was released very recently. She wrote it at the same time as she was writing another book. During that same period, she took the ISC2 CISSP (Certified Information Systems Security Professional) exam and passed on her first try.
Making cybersecurity more accessible
“With Hacker Culture: A to Z, I want people to be intrigued about the history of computing, where our computer technology comes from. I want computer science and hacker culture to be accessible to everyone.”
Crawley also has a few thoughts on the current state of the cybersecurity industry. “I would like companies to take more chances hiring newcomers to the industry who don’t have any cybersecurity experience. Train them to do entry-level tasks like network security monitoring.”
She points out that some roles, “such as being an SOC analyst, require a lot more experience and training. But you can hire people with more credentials as well and have a mix of experience levels in your organisation.”
“If new, inexperienced people never get their first jobs in the cybersecurity industry, the dreaded ‘cybersecurity skills gap’ in the industry will get worse and worse. People aren’t born with CISSPs, nor do many cybersecurity roles require a CISSP,” she adds.
Making it easier for newbies to get on the career ladder can help make cybersecurity accessible. It can also enable companies and individuals to access the knowledge they need to make common-sense decisions for their own cybersafety.
How to stay safe online in a changing world
When it comes to staying safe online, Crawley believes there is a lot more that companies can do than consumers. “For companies, I recommend coming up with a cyber incident response plan and team. Conduct vulnerability assessments. Hire people with cybersecurity knowledge, for spotting network vulnerabilities and responding to incidents. Keep lots of data backups, on premises and on the cloud. Apply CIS benchmarks to all of the technologies that you use. Log and monitor as many computing devices as you possibly can.”
For individuals and consumers, she recommends paying attention to cookie popups on the web. “Look carefully to make sure you’re only consenting to ‘necessary cookies’ and not tracking cookies.
“Try using Tor Browser, you will get a lot more privacy online with that. Use a password manager and make sure you generate complex passwords for all of your online accounts. Set up two-factor authentication on every online service that supports it. That usually means being sent a temporary code to log in in addition to entering your password.”
As for how she thinks AI is going to impact the future of the cybersecurity industry, Crawley is cautious. “In bad ways and in good ways,” she replies. “AI is going to be a dangerous tool in the hands of cyber attackers. But it’s also a powerful tool for cyber defenders. An AI arms race between the ‘bad guys’ and the ‘good guys’ is already underway.”